Lazarus launches social engineering attacks against the cryptocurrency industry
released on 2021-07-22 @ 08:48:09 AM
Recently, Sangfor's security team captured a social engineering campaign by the Lazarus group against cryptocurrency-related businesses. After collecting information on a target, the group is believed to contact the target directly over instant messaging software and send two files: a modified build of an open source PDF viewer (Secure PDF Viewer.exe) and a malicious PDF file (Android Hardware Wallet.pdf) that carries an encrypted payload. Opened on its own, "Secure PDF Viewer.exe" shows no malicious behavior, and "Android Hardware Wallet.pdf" cannot be opened with conventional PDF software. The group therefore uses social engineering to persuade the victim to open the PDF with the supplied executable; the viewer then decrypts the payload from the PDF in the background and executes it, giving the attackers remote control of the host and the ability to steal information.
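A quick triage check for lures of this kind, added here as an illustration rather than code from the Sangfor report: a file that is named like a PDF but "cannot be opened with conventional software" usually lacks the `%PDF-` header and `%%EOF` trailer that real PDFs carry, and a body that is mostly ciphertext has near-maximal byte entropy. The entropy threshold, the helper names and both sample inputs below are constructed assumptions, not artifacts from the campaign.

```python
"""Structural triage for a file that claims to be a PDF.

Added example, not part of the original report. Assumptions: a genuine
PDF starts with "%PDF-" and ends with "%%EOF"; a file that exists only to
carry an encrypted payload for a trojanized viewer has neither, and its
entropy approaches 8 bits per byte. The 7.5 threshold is a heuristic.
"""
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value occurs equally often."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage_pdf(data: bytes, entropy_threshold: float = 7.5) -> dict:
    """Return structural findings and a suspect verdict for a .pdf file."""
    head, tail = data[:1024], data[-1024:]
    findings = {
        "has_pdf_header": head.startswith(b"%PDF-"),
        "has_eof_marker": b"%%EOF" in tail,
        "has_xref_or_stream": b"xref" in data or b"stream" in data,
        "entropy": round(shannon_entropy(data), 3),
    }
    # Any missing PDF structure, or ciphertext-like entropy, is worth a look.
    findings["suspect"] = (
        not findings["has_pdf_header"]
        or not findings["has_eof_marker"]
        or findings["entropy"] >= entropy_threshold
    )
    return findings


# Constructed sample 1: a minimal but structurally valid PDF.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"xref\n0 3\n0000000000 65535 f \n"
    b"trailer << /Root 1 0 R /Size 3 >>\nstartxref\n9\n%%EOF\n"
)

# Constructed sample 2: an opaque blob with no PDF structure, standing in
# for a "PDF" that only holds an encrypted payload for a modified viewer.
# Every byte value appears equally often, so its entropy is exactly 8.0.
FAKE_PDF = bytes(range(256)) * 16


if __name__ == "__main__":
    for name, blob in (("benign.pdf", BENIGN_PDF), ("lure.pdf", FAKE_PDF)):
        print(name, triage_pdf(blob))
```

Run it against any .pdf attachment delivered alongside an unsolicited "viewer" executable; a verdict of `suspect` is a reason to detonate the pair together in a sandbox, since, as the report notes, the executable alone does nothing observable.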